US6219726B1 - System for providing access protection on media storage devices by selecting from a set of generated control parameters in accordance with application attributes - Google Patents
System for providing access protection on media storage devices by selecting from a set of generated control parameters in accordance with application attributes Download PDFInfo
- Publication number
- US6219726B1 US6219726B1 US08/281,868 US28186894A US6219726B1 US 6219726 B1 US6219726 B1 US 6219726B1 US 28186894 A US28186894 A US 28186894A US 6219726 B1 US6219726 B1 US 6219726B1
- Authority
- US
- United States
- Prior art keywords
- access
- tape
- extent
- control parameters
- application program
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/80—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors
Definitions
- the present invention relates to storage devices. More specifically, the present invention relates to systems for regulating access to tape devices.
- Data integrity is a key consideration in any data processing system. Most data processing environments have requirements to prevent data integrity problems due to unauthorized access to data. Certain programs exist which allow a system to input access criteria for datasets and access authority for users. The system then uses this information to manage data access. For tape devices, this protection mechanism is typically limited to management of access to the entire tape, referred to as a “volume”.
- Tape devices have, however, traditionally supported the storing of multiple datasets on the same volume. Even in the case of a single dataset, there is the additional consideration that there may be residual data left on the medium from some prior usage which is beyond the end of the last written dataset. Access to such residual information is referred to as “object reuse” in some arenas. Both of these conditions represent potential security exposures if the accesses to the medium are not managed to the scope of the data on the medium to which the user is authorized. This would typically be a single dataset.
- tape applications are allowed to issue input/output (I/O) commands (e.g., channel programs), typically without much supervision by the control program.
- I/O input/output
- the control program is responsible for performing label and file formatting while the application is responsible for reading or writing the data portion of the file.
- some devices provide a protection assist mechanism to reject certain commands which are reserved for use by the control program, this protection is not used to control commands which access the medium.
- commands which allow random position to different blocks or partitions on the medium an application has the ability to position outside of the single file which it has been given access to by the control program and associated security software.
- volume only a single file can be stored on the volume. Multiple files would be exposed to the application accessing data in more than one file. As volume capacities increase, storage of multiple files to utilize capacity becomes a critical part of storage management. The average file size is typically significantly less than the full capacity of a volume.
- the application may overwrite formatted portions of the volume which should not be overwritten, such as the label group for the dataset.
- the application may attempt to write formatting information, such as tape marks, which would lead to invalid file formatting on the medium.
- the application may attempt to unload the medium before the control program has a chance to finish file formatting on the medium. This might allow the application to unload the current medium and access some other medium.
- some devices provide a Load command.
- Some device loaders have an automatic mode of loading which causes another volume to be loaded when the current volume is unloaded.
- the time required to perform an erase function may be significant. On most tape devices, this function requires that the device overwrite any portions of the volume which follow the end of the file. As volume capacities increase, the time spent performing this function increases linearly. For instance, the time to erase a 10 gigabit volume on a device which writes at a 1 megabit per second data rate would be roughly 10,000 seconds or three hours. If a significant number of the files processed require this type of processing, then the availability of tape devices for normal processing is severely impacted.
- a second alternative is for the control program to scan through every channel program which is received from an application to determine whether there are any commands which might have undesirable effects.
- the channel program is typically in the user's address space which may lead to additional complexities with storage protection keys and address space translation problems.
- control program may need to examine the parameter data associated with the command in order to assess its impact. This implies that a detailed knowledge of the device command set must be coded into the control program. It also creates the problem of having to update the control program every time new functions are introduced so that they are not rejected by the checking performed in the control program (e.g., an unknown function or command must be assumed to be a potential access violation and therefore it must be rejected). This may prohibit the early introduction of new functions by providing support directly in the application without the control program's knowledge.
- the program may not be able to assess whether the command creates a problem or not. For instance, a Locate command specifies some logical block further down the medium.
- the control program may or may not know the extent (e.g., the range of logical blocks) of the currently active dataset and therefore may not be able to determine whether the access is outside the range of the dataset.
- a set of control parameters is generated for the device for a given application program.
- a tape control unit uses the parameters to process commands from the application program and thereby control access to the tape.
- an extent is defined on the tape and controls are defined which govern the type of access permitted within the extent.
- the system rejects any commands which attempt to access medium outside of the defined extent. Write and formatting commands within the extent are limited and partition changes, loads and unloads are prohibited.
- FIG. 1 is block diagram of a computer device input/output system utilizing the teachings of the present invention.
- FIG. 2 is a flow diagram of the control program logic utilized in the system of the present invention.
- FIG. 3 is a flow diagram of the device control logic utilized in the system of the present invention.
- FIG. 1 is block diagram of a computer device input/output system utilizing the teachings of the present invention.
- the system 10 includes a computer 12 , a device control unit 14 , a input/output device 16 and media 18 .
- a user application program 20 running on the computer 12 generates input and output (I/O) requests which are received and interpreted by a computer control program 22 .
- the application program may be a word processing program and the control program may be an operating system program such as DOS or UNIX.
- the control program 22 on initiation of an application request, identifies the attributes of the application program ( 24 ) and of a dataset ( 26 ) on which the program is operating and generates a set of controls for an access monitor and control program 28 of the device control unit 14 .
- Typical application attributes include a list of data groups to which it has an access privilege (e.g., read-only, read-write, etc.) and typical dataset attributes include a data group with which it is associated and perhaps limitations on access (i.e., read-only, read-write, etc.).
- the control unit 14 is a device manager having a microprocessor (not shown) which converts signals formatted with the protocol of the computer 12 into signals formatted with the protocol of the input/output device 16 .
- the control unit 14 also controls the I/O device 16 to format and position the media 18 and to access individual files 30 , 32 and 34 therein.
- the I/O device 16 is a tape drive unit and the media 18 is a tape.
- FIG. 2 is a flow diagram of the control program logic utilized in the system of the present invention.
- FIG. 3 is a flow diagram of the device control logic utilized in the system of the present invention.
- the control program 22 receives a request to run the application program 20 .
- the program 22 fetches application and dataset attributes 24 and 26 , respectively.
- the program 22 determines appropriate controls from the attributes. For example, if the program has read access to the data group with which the dataset is associated, the controls would specify accesses limited to reads and limited to the section of the medium associated with that dataset.
- step 48 the controls are sent to the access monitor and control program 28 of control unit 14 and stored in memory (not shown)
- the application program is run (step 50 ).
- steps 52 and 54 I/O requests are processed by the device control logic routine 60 of FIG. 3 in the access monitor and control program 28 . If a protection violation is detected, the I/O request and, in some cases, the application program are terminated and the routine ends (step 58 ). If no protection violation occurs, the application is allowed to access the device 16 .
- the device control logic routine of the access monitor and control program 28 processes I/O requests from the application program and detects protection violations by first checking in memory to determine if device controls are present (step 64 ). If not, the command is processed. If, however, device controls are present in memory, the routine 60 retrieves the controls at step 66 . Then, the I/O command is checked against each of the controls (step 68 , 70 , etc.). If none of the controls are violated, the command is processed (step 72 ) and good status is returned to the control program (step 74 ). If, however, any of the controls are violated, the command fails (step 76 ) and a protection violation is indicated to the control program (step 54 of FIG. 2 ).
- the controls may be defined as follows.
- an extent is defined on the medium 18 as a range of logically consecutive storage locations on the medium 18 .
- an extent is defined on the medium 18 as a range of logically consecutive storage locations on the medium 18 .
- a tape volume which is access only for reading, it is a range of logical blocks starting at one logical block in a given medium partition through a series of consecutive logical blocks in the same partition or in one or more subsequent medium partitions.
- the extent would typically have a specific starting position, such as the beginning of a partition or following some specified logical block, and a generalized ending position, such as the end of the same or some subsequent partition.
- a new command is created (e.g., “Define Extent”).
- This command is used to specify the beginning and ending position of the extent of medium to be protected.
- the starting position argument should be able to specify the start of the extent in any one of the following ways: 1) beginning of medium; 2) beginning of partition; 3) the current medium position (e.g., before the next block in the forward direction); 4) the position after the preceding tape mark; and 5) a specified partition number and logical block number on the medium.
- Items 1 or 2 would typically be used for cases where the application has access to either the entire medium or the entire partition, respectively.
- Item 3 would typically be used when the medium is positioned to the beginning of the file to be accessed.
- Item 4 would typically be the same as item 3 in the case of a file which is accessed in the forward direction. Item 4 would also be useful for specifying the beginning of a file when the medium is positioned to the end of the file. Item 5 can be used to define an arbitrary starting point on the medium. For all cases except 4, the device can determine a specific partition number and logical block number associated with the start of the extent. For case 4, the device can determine a specific partition number and logical block number associated with the start of the extent if and only if it has already accessed all logical blocks between the preceding tape mark and the current location.
- the ending position argument should be able to specify the end of the extent in any of the following ways; 1) end of medium; 2) end of partition; 3) the current medium position (e.g., after the next block in the backward direction); 4) the position before the succeeding tape mark; 5) end of data (e.g., after the last valid block written); and 6) a specified partition number and logical block number on the medium.
- Items 1 or 2 would typically be used for write cases where the application has access to all data following the start of extent on the entire medium or the entire partition, respectively.
- Item 3 would typically be used when the medium is positioned to the end of the file which is to be accessed.
- Item 4 would typically be used when the medium is positioned to the beginning of the file which is to be accessed for reading and the control program does not know the exact position of the end of the file (as indicated by the next tape mark in the forward direction).
- Item 5 would be used to access data up to the last block written to the medium from the last recording pass. This would typically be used if the application has access to all valid data on the medium (e.g., including any labels and tape marks at the end of the file).
- Item 6 can be used to define an arbitrary ending point on the medium.
- the device can determine a specific partition number and logical block number associated with the end of the extent.
- the device can determine a specific partition number and logical block number associated with the end of the extent if and only if it has already accessed all logical blocks between the current medium position and the specified end of extent.
- controls are defined which govern the type of access on the medium which are allowed.
- the application program would normally have full read and write access to any portion of the medium:
- any commands which attempt to position the medium outside the extent specified by the last Define Extent command which was issued are rejected.
- medium positioning must remain within the limits of the defined extent.
- the control is not allowed to be activated if the medium is not positioned within the extent when the command is issued.
- the performance of a Locate command may be limited if the device cannot associate the extent boundary in the direction of travel with a specific logical block number as discussed above. In this case, the device normally must sequentially access all blocks between the current position and target position to ensure that the extent boundary condition is not encountered. In cases where this performance degradation is likely for a Locate operation and additionally the applications under consideration are dependent on the Locate command, an extent boundary specification should be used which can be associated with a logical block number.
- any commands which cause the medium to be loaded or unloaded are rejected. This includes, for example, a Rewind Unload command.
- commands which cause the medium to be loaded or unloaded may be accepted.
- Controls can be used independently of each other and, except for Extent Protect, independently of the Define Extent command.
- the controls would typically be provided through a mode set type command and would be persistent once issued until changed by the program, or possibly, until the current volume is unloaded.
- the Mode Set and Define Extent commands are treated as commands reserved for the control program to provide a mechanism that prevents the application from modifying the above controls or the extent definition.
- the control program 22 can inhibit the use of the Define Extent command and Mode Set commands to the application as required.
- the control program has the ability to do all of the following: 1) limit accesses to a specific extent of the medium; 2) limit the scope of volume access (more specifically, read-only or read-write access can be selected); 3) limit volume access to a single volume or partition by disabling the ability to change the medium or the partition; and 4) limit the volume formatting to data-only modifications.
- the control program establishes a set of constraints at the beginning of processing which prevent the application from performing any actions which result in unauthorized access, file formatting integrity errors, or volume integrity errors. These constraints do not require the control program to monitor the contents of channel programs and the overhead is limited to the establishment of constraints once per file activation (e.g., OPEN).
- the present invention has been described herein with reference to a particular embodiment for a particular application. Those having ordinary skill in the art and access to the present teachings will recognize additional modifications applications and embodiments within the scope thereof.
- the invention is not limited to use with tape devices.
- the teachings of the present invention may be used with any storage media.
- the invention is not limited to the commands defined in the illustrative embodiment. The Invention allows for a variety of commands to be defined and used to suite a particular application.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Priority Applications (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US08/281,868 US6219726B1 (en) | 1994-07-27 | 1994-07-27 | System for providing access protection on media storage devices by selecting from a set of generated control parameters in accordance with application attributes |
CN95104777A CN1081362C (zh) | 1994-07-27 | 1995-04-25 | 在介质存储设备上提供存取保护的系统 |
JP13525495A JP3600313B2 (ja) | 1994-07-27 | 1995-06-01 | アクセス制御システム |
DE69517256T DE69517256T2 (de) | 1994-07-27 | 1995-07-03 | System und Verfahren zur Versorgung des Zugriffsschutzes auf Informationsspeichereinrichtung |
EP95304641A EP0695986B1 (de) | 1994-07-27 | 1995-07-03 | System und Verfahren zur Versorgung des Zugriffsschutzes auf Informationsspeichereinrichtung |
KR1019950021741A KR100213849B1 (ko) | 1994-07-27 | 1995-07-22 | 매체 저장 장치로의 액세스 제한 시스템 및 방법 |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US08/281,868 US6219726B1 (en) | 1994-07-27 | 1994-07-27 | System for providing access protection on media storage devices by selecting from a set of generated control parameters in accordance with application attributes |
Publications (1)
Publication Number | Publication Date |
---|---|
US6219726B1 true US6219726B1 (en) | 2001-04-17 |
Family
ID=23079105
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US08/281,868 Expired - Fee Related US6219726B1 (en) | 1994-07-27 | 1994-07-27 | System for providing access protection on media storage devices by selecting from a set of generated control parameters in accordance with application attributes |
Country Status (6)
Country | Link |
---|---|
US (1) | US6219726B1 (de) |
EP (1) | EP0695986B1 (de) |
JP (1) | JP3600313B2 (de) |
KR (1) | KR100213849B1 (de) |
CN (1) | CN1081362C (de) |
DE (1) | DE69517256T2 (de) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030023867A1 (en) * | 2001-07-25 | 2003-01-30 | Thibadeau Robert H. | Methods and systems for promoting security in a computer system employing attached storage devices |
US6715043B1 (en) * | 1999-03-19 | 2004-03-30 | Phoenix Technologies Ltd. | Method and system for providing memory-based device emulation |
US20050160281A1 (en) * | 2001-07-25 | 2005-07-21 | Seagate Technology Llc | System and method for delivering versatile security, digital rights management, and privacy services |
US20050223164A1 (en) * | 2004-03-30 | 2005-10-06 | Hitachi, Ltd. | Assuring genuineness of data stored on a storage device |
US20060155939A1 (en) * | 2004-12-24 | 2006-07-13 | Yasuyuki Nagasoe | Data processing system and method |
US20060206720A1 (en) * | 2005-03-08 | 2006-09-14 | Hideki Harada | Method, program and system for limiting I/O access of client |
US20070250710A1 (en) * | 2006-04-25 | 2007-10-25 | Seagate Technology Llc | Versatile secure and non-secure messaging |
US7539890B2 (en) | 2006-04-25 | 2009-05-26 | Seagate Technology Llc | Hybrid computer security clock |
US8429724B2 (en) | 2006-04-25 | 2013-04-23 | Seagate Technology Llc | Versatile access control system |
US20230010385A1 (en) * | 2021-07-07 | 2023-01-12 | Fujitsu Limited | Storage control apparatus and storage control method |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5966732A (en) * | 1996-12-02 | 1999-10-12 | Gateway 2000, Inc. | Method and apparatus for adding to the reserve area of a disk drive |
JP3228182B2 (ja) * | 1997-05-29 | 2001-11-12 | 株式会社日立製作所 | 記憶システム及び記憶システムへのアクセス方法 |
US7631198B2 (en) * | 2005-05-10 | 2009-12-08 | Seagate Technology | Protocol scripting language for safe execution in embedded system |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4525780A (en) * | 1981-05-22 | 1985-06-25 | Data General Corporation | Data processing system having a memory using object-based information and a protection scheme for determining access rights to such information |
US4604694A (en) * | 1983-12-14 | 1986-08-05 | International Business Machines Corporation | Shared and exclusive access control |
US4780821A (en) * | 1986-07-29 | 1988-10-25 | International Business Machines Corp. | Method for multiple programs management within a network having a server computer and a plurality of remote computers |
US4941107A (en) * | 1986-11-17 | 1990-07-10 | Kabushiki Kaisha Toshiba | Image data processing apparatus |
US5065429A (en) * | 1989-04-03 | 1991-11-12 | Lang Gerald S | Method and apparatus for protecting material on storage media |
US5191611A (en) * | 1989-04-03 | 1993-03-02 | Lang Gerald S | Method and apparatus for protecting material on storage media and for transferring material on storage media to various recipients |
US5276735A (en) * | 1992-04-17 | 1994-01-04 | Secure Computing Corporation | Data enclave and trusted path system |
US5283830A (en) * | 1991-12-17 | 1994-02-01 | International Computers Limited | Security mechanism for a computer system |
US5339403A (en) * | 1990-05-11 | 1994-08-16 | International Computers Limited | Access control in a distributed computer system |
Family Cites Families (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPS595495A (ja) * | 1982-06-30 | 1984-01-12 | Fujitsu Ltd | 記憶領域保護方式 |
US4587628A (en) * | 1983-12-05 | 1986-05-06 | International Business Machines Corporation | Method and apparatus for dynamic invocation of utilities |
JPS63296136A (ja) * | 1987-05-27 | 1988-12-02 | Nec Corp | プログラムの正当性確認方法 |
GB2230881A (en) * | 1989-04-28 | 1990-10-31 | Christopher William Cowsley | Data storage protection |
JPH036644A (ja) * | 1989-06-02 | 1991-01-14 | Nec Corp | 記憶保護方式 |
JPH03224047A (ja) * | 1990-01-30 | 1991-10-03 | Toshiba Corp | 携帯可能電子装置 |
US5410700A (en) * | 1991-09-04 | 1995-04-25 | International Business Machines Corporation | Computer system which supports asynchronous commitment of data |
CN1068212A (zh) * | 1992-03-11 | 1993-01-20 | 邵通 | 微机硬盘读写控制器 |
US5414852A (en) * | 1992-10-30 | 1995-05-09 | International Business Machines Corporation | Method for protecting data in a computer system |
-
1994
- 1994-07-27 US US08/281,868 patent/US6219726B1/en not_active Expired - Fee Related
-
1995
- 1995-04-25 CN CN95104777A patent/CN1081362C/zh not_active Expired - Fee Related
- 1995-06-01 JP JP13525495A patent/JP3600313B2/ja not_active Expired - Fee Related
- 1995-07-03 EP EP95304641A patent/EP0695986B1/de not_active Expired - Lifetime
- 1995-07-03 DE DE69517256T patent/DE69517256T2/de not_active Expired - Lifetime
- 1995-07-22 KR KR1019950021741A patent/KR100213849B1/ko not_active IP Right Cessation
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4525780A (en) * | 1981-05-22 | 1985-06-25 | Data General Corporation | Data processing system having a memory using object-based information and a protection scheme for determining access rights to such information |
US4604694A (en) * | 1983-12-14 | 1986-08-05 | International Business Machines Corporation | Shared and exclusive access control |
US4780821A (en) * | 1986-07-29 | 1988-10-25 | International Business Machines Corp. | Method for multiple programs management within a network having a server computer and a plurality of remote computers |
US4941107A (en) * | 1986-11-17 | 1990-07-10 | Kabushiki Kaisha Toshiba | Image data processing apparatus |
US5065429A (en) * | 1989-04-03 | 1991-11-12 | Lang Gerald S | Method and apparatus for protecting material on storage media |
US5191611A (en) * | 1989-04-03 | 1993-03-02 | Lang Gerald S | Method and apparatus for protecting material on storage media and for transferring material on storage media to various recipients |
US5339403A (en) * | 1990-05-11 | 1994-08-16 | International Computers Limited | Access control in a distributed computer system |
US5283830A (en) * | 1991-12-17 | 1994-02-01 | International Computers Limited | Security mechanism for a computer system |
US5276735A (en) * | 1992-04-17 | 1994-01-04 | Secure Computing Corporation | Data enclave and trusted path system |
Cited By (28)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6715043B1 (en) * | 1999-03-19 | 2004-03-30 | Phoenix Technologies Ltd. | Method and system for providing memory-based device emulation |
US7426747B2 (en) | 2001-07-25 | 2008-09-16 | Antique Books, Inc. | Methods and systems for promoting security in a computer system employing attached storage devices |
US20050066191A1 (en) * | 2001-07-25 | 2005-03-24 | Seagate Technology Llc | System and method for delivering versatile security, digital rights management, and privacy services from storage controllers |
US20050160281A1 (en) * | 2001-07-25 | 2005-07-21 | Seagate Technology Llc | System and method for delivering versatile security, digital rights management, and privacy services |
US7925894B2 (en) | 2001-07-25 | 2011-04-12 | Seagate Technology Llc | System and method for delivering versatile security, digital rights management, and privacy services |
US20050268114A1 (en) * | 2001-07-25 | 2005-12-01 | Seagate Technology Llc | Methods and systems for promoting security in a computer system employing attached storage devices |
US7036020B2 (en) | 2001-07-25 | 2006-04-25 | Antique Books, Inc | Methods and systems for promoting security in a computer system employing attached storage devices |
US20030023867A1 (en) * | 2001-07-25 | 2003-01-30 | Thibadeau Robert H. | Methods and systems for promoting security in a computer system employing attached storage devices |
US7461270B2 (en) | 2001-07-25 | 2008-12-02 | Seagate Technology Llc | Methods and systems for promoting security in a computer system employing attached storage devices |
US7917708B2 (en) | 2004-03-30 | 2011-03-29 | Hitachi, Ltd. | Assuring genuineness of data stored on a storage device |
US20050223164A1 (en) * | 2004-03-30 | 2005-10-06 | Hitachi, Ltd. | Assuring genuineness of data stored on a storage device |
US7162593B2 (en) * | 2004-03-30 | 2007-01-09 | Hitachi, Ltd. | Assuring genuineness of data stored on a storage device |
US20070083724A1 (en) * | 2004-03-30 | 2007-04-12 | Hitachi, Ltd. | Assuring genuineness of data stored on a storage device |
US7130971B2 (en) | 2004-03-30 | 2006-10-31 | Hitachi, Ltd. | Assuring genuineness of data stored on a storage device |
US20060117157A1 (en) * | 2004-03-30 | 2006-06-01 | Hitachi, Ltd. | Assuring genuineness of data stored on a storage device |
US20090228645A1 (en) * | 2004-03-30 | 2009-09-10 | Hitachi, Ltd. | Assuring genuineness of data stored on a storage device |
US7555618B2 (en) | 2004-03-30 | 2009-06-30 | Hitachi, Ltd. | Assuring genuineness of data stored on a storage device |
US20060155939A1 (en) * | 2004-12-24 | 2006-07-13 | Yasuyuki Nagasoe | Data processing system and method |
US7243189B2 (en) * | 2004-12-24 | 2007-07-10 | Hitachi, Ltd. | Data processing system and method |
US20060206720A1 (en) * | 2005-03-08 | 2006-09-14 | Hideki Harada | Method, program and system for limiting I/O access of client |
US7539890B2 (en) | 2006-04-25 | 2009-05-26 | Seagate Technology Llc | Hybrid computer security clock |
US20090235109A1 (en) * | 2006-04-25 | 2009-09-17 | Seagate Technology Llc | Hybrid computer security clock |
US20070250710A1 (en) * | 2006-04-25 | 2007-10-25 | Seagate Technology Llc | Versatile secure and non-secure messaging |
US8028166B2 (en) | 2006-04-25 | 2011-09-27 | Seagate Technology Llc | Versatile secure and non-secure messaging |
US8281178B2 (en) | 2006-04-25 | 2012-10-02 | Seagate Technology Llc | Hybrid computer security clock |
US8429724B2 (en) | 2006-04-25 | 2013-04-23 | Seagate Technology Llc | Versatile access control system |
US20230010385A1 (en) * | 2021-07-07 | 2023-01-12 | Fujitsu Limited | Storage control apparatus and storage control method |
US11688422B2 (en) * | 2021-07-07 | 2023-06-27 | Fujitsu Limited | Storage control apparatus and storage control method |
Also Published As
Publication number | Publication date |
---|---|
JPH0855062A (ja) | 1996-02-27 |
EP0695986B1 (de) | 2000-05-31 |
CN1128374A (zh) | 1996-08-07 |
CN1081362C (zh) | 2002-03-20 |
DE69517256T2 (de) | 2000-12-21 |
DE69517256D1 (de) | 2000-07-06 |
EP0695986A1 (de) | 1996-02-07 |
KR100213849B1 (ko) | 1999-08-02 |
JP3600313B2 (ja) | 2004-12-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US6336175B1 (en) | Method and system for providing restricted write access to a storage medium | |
US4947318A (en) | Data processing security system for automatically transferring software protection data from removable store into internal memory upon mounting of stores | |
US6185661B1 (en) | Worm magnetic storage device | |
EP1034488B1 (de) | Grundfunktionen eines dateiensystemes zur nativen unterstützung eines dateiensystems für entfernte dateispeicherung | |
US5566319A (en) | System and method for controlling access to data shared by a plurality of processors using lock files | |
US5390297A (en) | System for controlling the number of concurrent copies of a program in a network based on the number of available licenses | |
US6219726B1 (en) | System for providing access protection on media storage devices by selecting from a set of generated control parameters in accordance with application attributes | |
US20070094471A1 (en) | Method and system for providing restricted access to a storage medium | |
US5632027A (en) | Method and system for mass storage device configuration management | |
US20010021966A1 (en) | Access monitor and access monitoring method | |
US8838926B2 (en) | Interacting with data in hidden storage | |
KR19990013369A (ko) | 저장 관리 시스템의 공간 할당 실패를 감소시키는 방법 및장치 | |
JPH0570859B2 (de) | ||
US6505213B1 (en) | File management apparatus and method | |
US5432929A (en) | Storage subsystem having a modifiable key-lock | |
EP0756228B1 (de) | Erweitern der Datenträgerverwaltung von Informationsspeichereinrichtungen zum Behandeln des direkten Zugriffs zu Speichereinrichtungen | |
JPH0887440A (ja) | データ入出力管理装置及びデータ入出力管理方法 | |
US6108791A (en) | Password processing apparatus and method | |
US5584029A (en) | Data protecting system for an echangeable storage medium comprising power supply control means, medium detection means and medium identifying means | |
US5978914A (en) | Method and apparatus for preventing inadvertent changes to system-critical files in a computing system | |
JPH06124239A (ja) | キャッシュメモリの常駐データ制御装置 | |
US6463502B1 (en) | Backup copying of data to a tape unit with a cache memory | |
EP0539966B1 (de) | System und Verfahren zur Steuerung einer magneto-optischen Platte | |
JPH02157988A (ja) | Icカードにおけるコマンド処理方法 | |
US6912662B1 (en) | Cooling-off period for destructive software |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: INTERNATIONAL BUSINESS MACHINES CORPORATION, NEW Y Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:RIPBERGER, RICHARD A.;REEL/FRAME:007120/0242 Effective date: 19940715 |
|
FEPP | Fee payment procedure |
Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
|
FPAY | Fee payment |
Year of fee payment: 4 |
|
REMI | Maintenance fee reminder mailed | ||
LAPS | Lapse for failure to pay maintenance fees | ||
STCH | Information on status: patent discontinuation |
Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362 |
|
FP | Lapsed due to failure to pay maintenance fee |
Effective date: 20090417 |